CISCO breaks DKIM on their ASA/PIX (again)

Posted by Ralf Hildebrandt on 8 December 2011 | 0 Comments

Tags: Cisco, sux, DKIM, Postfix

site which was using Postfix and a CISCO ASA with "smtp protocol

fixup" enabled.

I was able to work around the delivery problems by stripping the DKIM

headers on outgoing mails (as so often).

Some interesting info got out:

I've also discussed these results with local Cisco support and they

confirmed it's a known bug (not published) with DKIM and smtp inspection

engine in latest IOS versions.

This should be fixed in some newer IOS version (8.4(10)) which is not

public yet (latest is 8.4(2)).

Over the last few days I discussed SMTP delivery problems with a czech site which was using Postfix and a CISCO ASA with "smtp protocol fixup" enabled.

I was able to work around the delivery problems by stripping the DKIM headers on outgoing mails (as so often).

Some interesting info got out:

I've also discussed these results with local Cisco support and they confirmed it's a known bug (not published) with DKIM and smtp inspection engine in latest IOS versions.

This should be fixed in some newer IOS version (8.4(10)) which is not public yet (latest is 8.4(2)).

Post your comment

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments

Computerbeschimpfung

Subscribe via RSS

Browse by Date

Tag Cloud